Truth About Computer Security Hysteria
New estimate puts viruses/hacking at $1.6 TRILLIONRob Rosenberger, Vmyths co-founder
Tuesday, 29 August 2000
ANTIVIRUS EXPERTS RACED last week to find copies of a supposedly "new" version of the Pokémon Pikachu worm. (Gesundheit.) Instead, they sent each other a byte-for-byte clone of a virus first seen in May. At any rate, the media's momentary uproar seems out of place if you study this threat report.
Pikachu hasn't done a peekaboo, if you know what I mean. But hey, forget about Pokémon for a moment. Did you know viruses & hacking now exceed $1.6 trillion dollars? My cries about "billions of dollars" remain unanswered; now I gotta start attacking "trillions." These figures appeared in the August edition of Information Security magazine:
(A plug for Vmyths.com appeared in the same issue. I love irony.) The numbers come from a "global survey" conducted by InformationWeek, fielded by PriceWaterhouseCoopers LLP, and researched by Reality Research & Consulting. I quote from a highbrow press release:
In total, the bill to U.S. firms this year for viruses and computer hacking will amount to $266 billion, or more than 2.5% of the nation's Gross Domestic Product (GDP). The price tag worldwide soars to $1.6 trillion. "These estimates are based on the broadest sampling ever achieved in the security industry," noted Rusty Weston, Editor of InformationWeek Research and informationweek.com. "The findings indicate that viruses are far more disruptive to organizations than most people realize. Lost productivity will undoubtedly force many IT organizations to reassess their network defenses and security policies."
Think of it this way: if you live in the U.S. and spend $40 at the bijou, then $1 went to repair computers damaged by a hacker or virus. (Probably damaged by the kid running the movie projector, I'll bet.) DiStefano actually believes he made a conservative estimate.
Oddly, PriceWaterhouseCoopers doesn't seem to agree with the kahunas at Reality Research & Consulting and InformationWeek. ("Reality Research." I love irony.) PWC's ad in the same issue of Information Security magazine says "last year, computer hackers cost businesses 45 billion dollars."
A paltry $45 billion? Man, that's bus fare. So what gives? I've yet to find a security vendor who touts "trillions" in a press release.
Associated Press technology writer Cliff Edwards went on to distill it for the world: "A study ... estimated businesses worldwide will lose more than $1.5 trillion this year because of computer viruses spread through the Internet." Amazingly, his very next paragraph claims ILoveYou "affected about 45 million computer files at a cost to companies of $2.61 billion."
Pull out your solar calculators, folks. Time for some quick math.
The U.S. federal government spent roughly $142 billion per month in fiscal year 1999, compared to hackers & viruses which siphon roughly $107 billion per month worldwide. America could wipe out its national debt in seven years if they could tap into the RR&C/InformationWeek estimate. The $266 billion U.S. estimate for hacking & viruses almost equals the $276 billion spent on U.S. defense in fiscal year 1999.
AP's Edwards would report 575 ILoveYou catastrophes in 465 days just to match the RR&C/InformationWeek estimate. If every single human being on the planet owned a computer, they'd all get infected four times each in 15 months. (Hmmm, I'm definitely not doing my part. Who's picking up my slack?) If we instead use the Lloyd's of London estimate of $15 billion for ILoveYou, then we'd only see three Internet catastrophes every two weeks.
Such is the damage caused by hackers & viruses according to RR&C/InformationWeek.
Now let's compare their estimate to Hurricane Andrew, the worst natural disaster in U.S. history. It temporarily wiped Miami off the map at a cost of roughly $26 billion. Andrew must slam into Florida almost once a week to equal the impact of viruses & hackers. Every hurricane to hit the U.S. since Camille, combined, doesn't match what hackers & viruses did worldwide in the last 15 months.
Now let's compare the RR&C/InformationWeek estimate to the ultra-rich. According to Forbes, you can buy out every one of the world's billionaires. All of them! And you'll have enough coins left to purchase General Electric.
Simple math, folks.
These "sobering" statistics prove the PC and the web indeed qualify as national security threats. We should nationalize AOL/Time-Warner in an effort to eliminate computer networking. And we obviously should take computers out of the classroom. Pimply e-terrorists shouldn't carry automatic laptop weapons to school. I say we bring back the #2 pencil.
"But Rob," you moan, "you're comparing apples to oranges again. We only measure monetary damage in a hurricane. This RR&C/InformationWeek study counts up lost productivity." Okay then, who's at fault here? Me? Bah. I didn't compare lost productivity to the U.S. GDP.
"Lost productivity" seems relevant here, so let's talk. How many trillions of productivity dollars did United Air Lines steal from Americans in the last few weeks alone? Why doesn't the FBI raid some UAL cockpits? You should see the recent LaptopLane bills I racked up just at O'Hare airport. I want my lost productivity back!
Speaking of lost productivity... I might as well moan about a company named Cobalt. (Skip to the last two paragraphs if you want the punchline immediately.) Their stock trades publicly and they sell a "slim server" known as the Qube2. I purchased one for my network early this year — and I've suffered for it ever since.
My problems began almost immediately. The Linux kernel crashed at least once a week. It stopped supporting DHCP in mid-March. In late June the Qube2 stopped supporting DNS. In July it bit the dust after I installed Cobalt's buggy OS upgrade. I spent $149 for a spare-in-the-air — a refurb which crashed two hours after I opened the package. (Yes yes yes, that's when I learned my lesson about the buggy OS upgrade.) The refurb crashes when it tries to restore backups containing my critical business files. This Qube2 had the gall to crash during a Cobalt technician's telnet session.
So I spent another $114 for an OS restore CD (only sold separately). I just wanted to roll back to a more stable version of Linux so I could restore critical business files. Sadly, it doesn't work. The technicians believe I received bad media, yet they won't send me a new one. (Cobalt doesn't replace CDs as a policy.) In hindsight, I should've bought another refurb instead of the CD.
I remain unable to restore the OS on a refurbished Qube2 replacement box which crashes regularly. How much money have I lost so far in terms of productivity? Let's see, $50 an hour times 1.21 crashes per week, times 6 months, divided by the frustration factor, plus $149+33, plus $99+15... for a grand total of $1,608,007.53. I view it as a conservative estimate, of course. In reality, the true impact of Cobalt on my business is much greater.
Wow! If a million Cobalt users worldwide over the last 15 months suffered like I did, it would amount to a whopping $1.6 trillion. Coincidence?